package com.hulk.dryad.web.oauth2.config;


import com.hulk.dryad.manage.security.component.DryadAuthExceptionEntryPoint;
import com.hulk.dryad.web.oauth2.basic.component.DryadWebResponseExceptionTranslator;
import com.hulk.dryad.web.oauth2.basic.service.DryadRedisTokenStore;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.web.AuthenticationEntryPoint;

/**
 * @author hulk
 * @date 2019/6/22 认证服务器配置
 */

@Configuration
@RequiredArgsConstructor
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private final ClientDetailsService dryadClientDetailsServiceImpl;

    private final AuthenticationManager authenticationManagerBean;

    private final UserDetailsService dryadUserDetailsService;

    private final AuthorizationCodeServices authorizationCodeServices;

    private final DryadRedisTokenStore dryadRedisTokenStore;

    private final TokenEnhancer dryadTokenEnhancer;

    private final AuthenticationEntryPoint dryadAuthExceptionEntryPoint;

    @Override
    @SneakyThrows
    public void configure(ClientDetailsServiceConfigurer clients) {
        clients.withClientDetails(dryadClientDetailsServiceImpl);
    }



    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.allowFormAuthenticationForClients()
                .authenticationEntryPoint(dryadAuthExceptionEntryPoint)
                .checkTokenAccess("isAuthenticated()");

    }

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
		endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST).tokenStore(dryadRedisTokenStore)
				.tokenEnhancer(dryadTokenEnhancer).userDetailsService(dryadUserDetailsService)
				.authorizationCodeServices(authorizationCodeServices).authenticationManager(authenticationManagerBean)
				.reuseRefreshTokens(false).pathMapping("/oauth/confirm_access", "/token/confirm_access")
				.exceptionTranslator(new DryadWebResponseExceptionTranslator());
	}
}
